🔥 3-day streak
Professional Security Operations Engineer81 / 241
Question 81 of 241
A security operations engineer is onboarding a high-volume firewall log source into Google SecOps. Legal and compliance require that all authentication and connection-block events be retained and searchable, but the firewall also generates massive volumes of low-value 'connection-allowed' informational events that consume ingestion budget without contributing to detections. The team wants to reduce ingestion cost while preserving security-relevant telemetry and normalization quality. What is the most appropriate approach?
Reviewed for accuracy · Report an issueNext question